Transparency Report

As part of Atlassian’s commitment to earning and maintaining our customers’ trust, we have begun publishing an annual Transparency Report with information about government requests for users’ data as well as government requests to remove content or suspend user accounts.

Atlassian responds to government requests in accordance with our Privacy Policy, Customer Agreement, Acceptable Use Policy, and any applicable Service-Specific Terms. We also provide additional information about our policies and procedures for responding to requests for user data in our Guidelines for Law Enforcement. In responding to any government request (whether a request for user data or a request to remove content/suspend user accounts), Atlassian follows these guiding principles:

Requesting parties should first attempt to obtain the information directly from the customer or user(s) at issue. If the requesting party comes to Atlassian for user data, unless prohibited by law, we will notify the customer (so that customer has an opportunity to challenge the legal process) in accordance with our user notice policy. Atlassian will scrutinize every request for legal validity, and if required to comply by disclosing user data, we will respond in accordance with applicable law (including the federal Stored Communications Act), and will respond as narrowly as possible to the specific request. Atlassian will continue to advocate for reforms that allow us to provide more transparency to our customers.

Period for Transparency Report is January 1 through December 31 for the applicable year

US Government Requests for User Data

Year

Requests Received

Accounts Targeted in Requests Received

2017

13

88

2016

1

2

2015

4

19

Note: The 2017 report includes requests for Trello user data. Reports prior to 2017 do not include requests for Trello user data.

Atlassian’s Response to Requests Received

Year

Response

Number of Requests

Number of Accounts Where Data Disclosed

2017

Produced non-content user data

8

4

Objected

0

0

No responsive data

1

0

2016

Produced non-content user data

0

1

Objected

0

0

No responsive data

0

0

2015

Produced non-content user data

2

4

Objected

1

0

No responsive data

1

0

US Government Requests for Account Removal/Content Takedown

Year

Requests Received

Accounts Targeted in Requests Received

2017

0

0

2016

0

0

2015

1

3

Atlassian’s Response to Requests Received

Year

Response

Number of Requests

Number of Accounts Affected

2017

Blocked public access to user account

0

0

2016

0

0

2015

1

3

International Government Requests for User Data

Year

Requests Received

Accounts Targeted in Requests Received

2017

1

1

2016

1

1

2015

N/A

N/A

Atlassian’s Response to Requests Received

Year

Response

Number of Requests

Number of Accounts Where Data Disclosed

2017

Produced non-content user data

0

0

Objected

1

0

No responsive data

0

0

2016

Produced non-content user data

1

0

Objected

0

0

No responsive data

0

0

2015

Produced non-content user data

N/A

N/A

Objected

N/A

N/A

No responsive data

N/A

N/A

GLOSSARY

“Accounts affected” reflects the total number of user accounts for which Atlassian disclosed user data or suspended.

“Accounts targeted” reflects the total number of accounts that were subjects of the total number of legal requests (for example, a single subpoena could request information about two user accounts).

“Non-content user data” is subscriber information, such as the name and email address provided when you register for an account, billing information (if applicable), and IP addresses. This does not include any user-generated content, such as profile pictures or files uploaded by users and stored on Atlassian’s servers.

“No responsive data” reflects that Atlassian properly responded to a valid legal request, but did not have any responsive records to disclose to law enforcement.

“Number of requests” reflects the number of times that Atlassian received legal process requesting either user data or account suspension.

“Objected” means that Atlassian received a legal request but did not disclose any user data because we believed the request was not legally valid.